All detected attacks are logged with attack_type, agent_id, ctx_id, and timestamp. Query via GET /audit.
| Attack | Detection Mechanism | GRG Layer | Log Field |
|---|---|---|---|
| Token Replay Reuse of a previously valid PoT token |
seen_tokens HashMap — duplicate token hash detected on verify | Application | REPLAY |
| Timestamp Drift NTP manipulation, clock skew injection |
±60s window check against server time; Roughtime chain_digest bound into GRG commitment — any timestamp deviation causes commitment mismatch | chain_digest → FORGE | DRIFT / FORGE |
| Signature Forgery Fake issuer, tampered token body |
Ed25519 signature verification against published pubkey — cryptographically unforgeable without issuer private key | Ed25519 | FORGE |
| Flood / DDoS Request rate abuse, resource exhaustion |
Per-IP and per-agent rate limiting (requests/min); excess requests rejected with 429 | Application | FLOOD |
| Ordering Attack Out-of-sequence token submission |
Fleet cross-reference — token sequence validated across agent set | Application | ORDERING |
| Cross-Pool Replay Token from Pool A submitted to Pool B |
HMAC key derived from keccak256(ctx_id) — cross-pool commitment mismatch is cryptographically certain | HMAC | FORGE |
| Sybil Attack Multiple fake agent IDs from same node |
ctx_id HMAC binding — each service context has unique commitment key; cross-context token reuse fails verification | HMAC | FORGE |
| GPS Spoofing Falsified satellite time signals |
Roughtime chain spans ≥3 independent time sources; single-source GPS spoof creates chain spread violation → commitment diverges | chain_digest → FORGE | FORGE |
| NTP Injection Rogue NTP server, synchronized clock bias |
Roughtime chain_digest is GRG-committed alongside payload — manipulated timestamp shifts chain_digest, breaking Ed25519 signature | chain_digest → Ed25519 | FORGE |
| BGP Hijacking Route manipulation, man-in-the-middle |
Intercepted tokens cannot be re-signed without issuer private key — any modification invalidates Ed25519 signature | Ed25519 | FORGE |
| DNS Poisoning Redirected API endpoint, fake issuer |
Issuer pubkey is pinned and published out-of-band; tokens from any other key fail Ed25519 verification | Ed25519 | FORGE |
| SDN Flow Manipulation Packet reordering via SDN controller |
ORDERING cross-reference detects sequence anomalies; GRG Reed-Solomon layer recovers partial data corruption | RS(4,6) + ORDERING | ORDERING |
| Protocol Violation Malformed token, missing fields |
Schema validation on all fields; Golay(23,12,7) ECC detects bit-level corruption | Golay G₂ | INVALID |
All attacks ultimately converge to a commitment mismatch, caught at the Ed25519 layer.
Input Payload (P)
└─ G₁: Golomb-Rice compression
└─ R: Reed-Solomon (4,6) — 2 parity shards, tolerates 2 shard loss
└─ G₂: Golay(23,12,7) ECC — corrects ≤3 bit errors per codeword
└─ H: HMAC-SHA256 (key = keccak256(ctx_id)) — context binding
└─ GRG_Commitment = SHA-256(G₂(R(G₁(P ‖ chain_digest)), ctx_id))
└─ Ed25519 signature over GRG_Commitment
curl "https://api.kenosian.com/audit?ctx_id=dlr-poc&window=3600" \ -H "X-API-Key: <your-api-key>"
{
"ctx_id": "dlr-poc",
"window_secs": 3600,
"total_requests": 142,
"byzantine_total": 3,
"byzantine_ratio": 0.021,
"attack_breakdown": {
"REPLAY": 2,
"DRIFT": 1,
"FORGE": 0,
"FLOOD": 0,
"ORDERING": 0,
"INVALID": 0
}
}
Live Byzantine detection metrics. Access on request — contact heime.jorgen@proton.me
curl https://api.kenosian.com/metrics
tttps_attack_total{type="replay"} 2
tttps_attack_total{type="drift"} 1
tttps_attack_total{type="forge"} 0
tttps_byzantine_ratio 0.021
tttps_valid_count 139
Grafana dashboard: https://kenosian.com/grafana
# 1. Health check
curl https://api.kenosian.com/health
# 2. Generate PoT token
curl -X POST https://api.kenosian.com/pot/generate \
-H "X-API-Key: <your-api-key>" \
-H "Content-Type: application/json" \
-d '{"agent_id":"dlr-aipx-01","ctx_id":"dlr-poc"}'
# 3. Verify + Byzantine detection
curl -X POST https://api.kenosian.com/pot/verify \
-H "X-API-Key: <your-api-key>" \
-H "Content-Type: application/json" \
-d '{"token":"<token>","agent_id":"dlr-aipx-01","ctx_id":"dlr-poc"}'
# 4. Audit report
curl "https://api.kenosian.com/audit?ctx_id=dlr-poc&window=3600" \
-H "X-API-Key: <your-api-key>"